Page 5 - Cyber Warnings
P. 5
Not Oceans 14
Casinos are also an e-Target
by Charles Parker, II
Casinos are no different than an accounting firm, hospital, or manufacturer in at least one sense
when cybersecurity is the common thread. These entities hold data that people want to steal.
This data is then sold or otherwise leveraged for their own uses to generate revenue or simply
sold. One industry not researched at length has been the casinos.
These businesses tend to focus more on the physical security as the workers handle mass
amounts of cash, the chips, and playing cards. Granted this is exceptionally important.
Without a robust physical security program in place, the physical items of value would simply
walk out. The risk of a physical theft is a completely viable area to secure, as much as possible.
As part of the overall security program, data security also should be addressed and
implemented.
Although the risk of a physical theft is present, the data security risk is ever present. The
person(s) do not have to be physically present on site to steal money or to sabotage the system.
This attack may be exercised from virtually anywhere in the world with an adequate internet
connection.
Attack
Casinos are just as likely as other entities to be a victim of a breach. This was the case with the
Grey Eagle Casino in Calgary when their employee data was compromised.
The entry point for the attack was a computer in the Human Resources office that had been
compromised. The data and information stolen consisted of confidential letters, and files. These
did have dozens of employee’s names and personal information.
To authenticate this, the data was posted online from approximately 12 documents affected
over 12 employees. Although the entry point was a Human Resources computer, the method
utilized, by the attacker, was phishing attack. The form was a phishing email with a malicious
link or the user ended up logging into a malicious website.
Although this compromise was embarrassing enough, this compromise could have been much
worse. This incident was isolated with one system. In theory, it would have not been too far of a
bridge for the attackers to branch out and infect other computers on the network or the servers.
Other data could have been harvested. The casino could also have been a victim of widespread
ransomware.
5 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
